| CVE-2026-2888 | Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 5.3 | 2026-03-13 08:25:17 | Deep Dive |
| CVE-2026-2890 | Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | High | 7.5 | 2026-03-13 07:23:40 | Deep Dive |
| CVE-2025-14757 | Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass | stylemix | Cost Calculator Builder | Medium | 5.3 | 2026-01-16 08:38:30 | Deep Dive |
| CVE-2025-13696 | Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 5.3 | 2025-12-02 07:24:31 | Deep Dive |
| CVE-2025-12529 | Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion | stylemix | Cost Calculator Builder | High | 8.8 | 2025-12-02 01:51:56 | Deep Dive |
| CVE-2025-12535 | SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-19 06:45:26 | Deep Dive |
| CVE-2025-12536 | SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure | brainstormforce | SureForms – Contact Form, Payment Form & Other Custom Form Builder | Medium | 5.3 | 2025-11-13 03:27:39 | Deep Dive |
| CVE-2025-62049 | WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability | Stylemix | Cost Calculator Builder | Medium | 6.5 | 2025-11-06 15:55:44 | Deep Dive |
| CVE-2025-9243 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions | stylemix | Cost Calculator Builder | High | 8.1 | 2025-10-04 02:24:36 | Deep Dive |
| CVE-2025-48277 | WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability | Stylemix | Cost Calculator Builder | Medium | 5.9 | 2025-05-19 14:45:26 | Deep Dive |
| CVE-2025-39587 | WordPress Cost Calculator Builder plugin <= 3.2.65 - SQL Injection Vulnerability | Stylemix | Cost Calculator Builder | Critical | 9.3 | 2025-04-17 15:46:44 | Deep Dive |
| CVE-2025-2128 | Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter | stylemix | Cost Calculator Builder | Medium | 6.5 | 2025-04-11 09:21:45 | Deep Dive |
| CVE-2025-31414 | WordPress Cost Calculator Builder plugin <= 3.2.65 - Cross Site Scripting (XSS) vulnerability | Stylemix | Cost Calculator Builder | Medium | 6.5 | 2025-03-31 06:07:12 | Deep Dive |
| CVE-2025-26994 | WordPress Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | High | 7.1 | 2025-03-03 13:30:42 | Deep Dive |
| CVE-2025-26760 | WordPress Calculator Builder plugin <= 1.6.2 - Local File Inclusion vulnerability | Wow-Company | Calculator Builder | 高危 | - | 2025-02-22 15:52:47 | Deep Dive |
| CVE-2024-13587 | Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | softdiscover | Zigaform – Price Calculator & Cost Estimation Form Builder Lite | Medium | 6.4 | 2025-02-18 04:21:10 | Deep Dive |
| CVE-2024-11939 | Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data | StylemixThemes | Cost Calculator Builder PRO | High | 7.5 | 2025-01-08 08:18:17 | Deep Dive |
| CVE-2024-10892 | Cost Calculator Builder < 3.2.43 - Settings update via CSRF | Unknown | Cost Calculator Builder | 中危 | - | 2024-12-18 06:00:16 | Deep Dive |
| CVE-2023-40011 | WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability | Stylemix | Cost Calculator Builder | Medium | 5.4 | 2024-12-13 14:24:05 | Deep Dive |
| CVE-2024-11188 | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder <= 6.16.1.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter | strategy11team | Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder | Medium | 6.1 | 2024-11-23 05:40:11 | Deep Dive |